Computing environments face many security risks. Many vendors provide security offerings to counteract, mitigate or address different types of security risks. However, because of the large number of vendors, and different types of offerings it is often difficult for owners or administrators of computing environments to select which security offerings to use. Additionally, the available security offerings may change frequently, making re-evaluation of security offerings even more cumbersome. For example, new types of security threats may arise, new security offerings may become available, prices of security offerings may change, quality of security offerings may change, and so forth. Due to the factors discussed above, selecting security offerings for a computing environment can be a time consuming and burdensome process. Additionally, keeping current on trends in the security landscape (e.g., emerging threats) and new security offerings can also be quite time consuming and burdensome. Thus, an owner or administrator of a computing environment may postpone selecting security offerings for the computing environment, or neglect to update the security offerings used, which may leave the computing environment vulnerable to security risks or cause inefficiency in spending related to security.